Newly Discovered XcodeSpy Malware Targets iOS Devs (Facebook Ios Androidgagliordizdnet)

Facebook Ios Androidgagliordizdnet: In today’s industry, it’s difficult to take a step forward without also taking a step back. No matter how much you try to keep a level head and develop responsibly, someone always manages to come along and make things worse.

Unfortunately, that is the case with XcodeSpy. According to security firm Palo Alto Networks, XcodeSpy is malware that targets iOS developers by injecting malicious code into apps after they are compiled. It can also perform remote code execution (RCE) on devices running iOS 8 and earlier. XcodeSpy is likely being used for for information gathering but it could also be used for malware distribution.

The malware was first discovered in February by Palo Alto Networks. The company gathered information from a large number of samples that it managed to capture, as well as from other sources. The researchers uncovered some dubious methods of spreading the malware.

The first version of XcodeSpy began spreading from November 2014. It disguised itself as a cracked version of Xcode, Apple’s official iOS development tool. The malware used phishing schemes in order to trick users into downloading it. When it was installed, XcodeSpy would inject malicious code into any app that was compiled using the compromised copy of Xcode and then resubmit the apps to Apple for approval.

This is how, according to Palo Alto Networks, XcodeSpy spread so quickly. It infected thousands of apps that were then viewed by hundreds of thousands of users worldwide. Apple has since revoked the certificates for the affected apps and has banned the developer accounts that created them.

Once XcodeSpy was discovered, developers who downloaded it had little hope for recovering from its effects. Luckily, Palo Alto Networks was able to retrieve some infrastructure details that should help with removing its effects from infected devices.

The first step in removing the malware is to ensure that the infected apps have been removed from any developer accounts. Then, users should remove their devices and wipe the operating system.

It’s possible that XcodeSpy has only managed to distribute itself on iOS devices that were once connected to the Internet but there is also a possibility of malicious intent behind its distribution.

Apple is offering affected developers support from its software security division. According to Palo Alto Networks, the first step in removing iOS malware is simple:

• Select “Apps” from the home menu and then select “Manage your App IDs.”
• Select each infected app, then select “Confirm” and “Delete Device.”
• From this point onward, you will be asked to enter your password whenever your device is unlocked.
• Ensure that your iOS device is disconnected from the Internet and then select “Settings,” followed by “General,” and then “Reset.”
• Select “Erase All Content and Settings,” and then enter your passcode.
• Finally, select “Erase” again on the warning dialog box.
  In addition to Palo Alto Networks, TeslaCrypt is also a big player in 2016’s malware landscape. It even managed to infect one of the largest PC game distributors in the world, Valve’s Steam service.